PHPDeveloper.org
http://www.phpdeveloper.org
Up-to-the Minute PHP News, views and community
Tue, 03 Mar 2015 14:32:39 -0600

http://www.phpdeveloper.org/news/16560
Kevin Schroeder has a new post to his blog today showing how you can use the Zend_Amf component in your Flex+PHP application to authenticate users with the same authentication structure the rest of the application uses.

I forget why, but a few days ago I started doing some digging around with authentication in Zend_Amf_Server. I had figured that I would add an adapter to the Zend_Amf_Server::setAuth() method and that would be it. But I was wrong.

Zend_Auth is used to validate the login information that's passed along and the Zend_Acl checks to see if they have access. To make this work for a connection from Flex, you need to make an authentication adapter and add it (as well as a basic ACL) into your Zend_Amf_Server call.

Thu, 07 Jul 2011 09:39:47 -0500

http://www.phpdeveloper.org/news/14974
In a new post to his blog today Chris Hartjes looks at some of his thought process when implementing authentication and access control in his Zend Framework applications.

One of the more frustrating things about using Zend Framework is that for pretty much any topic, there are always at least 2 ways to accomplish a particular task. For a beginner with the framework, this is a humungous barrier to overcome. When I try to implement something, my first question is no longer "how will I do this" but "where the hell should I put this code?". In my case, the problem I was attempting to solve was "how do I implement ACL for one module in my application?"

He found examples using plugins, pieces in the front controller, and code in preDispatch, but they didn't fit his situation. Instead he used these examples to create his solution. The code for this is included in the post along with a unit test (PHPUnit) to help ensure everything's working.

Tue, 17 Aug 2010 12:08:49 -0500

http://www.phpdeveloper.org/news/14934
In this new post to his blog talks about authentication strategies in Zend Framework applications with the combination of Zend_Acl and Zend_Auth.

I'm going to talk more about ACLs than Auth. Auth is simple, it's the ACL that will trip you up. Since both concepts are coupled together when you're making a login system, I feel it's appropriate to at least touch on Auth. What I want to cover is the ways we can create the ACL object to suit needs based on the scale of the project. I'm going to assume that readers have a passing familiarity with using the Auth and Acl objects and may have even implemented them into projects.

He talks about two things you'd need to consider - scalability (how to define your ACLs: hardcoded, in the navigation object and defined in a database) and working with ACLs in multiple projects.

Tue, 10 Aug 2010 12:20:00 -0500

http://www.phpdeveloper.org/news/14232
Juozas Kaziukenas has posted the first part in his look at making ACL easy (access control lists). His examples are more specific to the Zend_Acl component of the Zend Framework, but the concepts can be translated across several different ACL tools out there.

Every now and then I see questions about ACL and how to use it. A lot of web developers are using it without actually knowing what it is and how it works, even though it's powering one of the most important parts of applications - user access management.

He starts off with the base level of what an ACL is and how it would work in your application (illustrated by a wrong and right way to handle a simple permission in an application). He talks about roles, resources and privileges as well as how applications using the MVC design pattern make it simple to check the current resource. He also mentions an issue that could be confusing - inheritance.

Tue, 23 Mar 2010 10:38:52 -0500

http://www.phpdeveloper.org/news/13589
Adam Jensen has written up a quick tutorial about using Doctrine record listeners to link a Zend_Acl component with your database.

In previous Zend Framework apps I've written, I often handled access control at the level of the controller action. Each action was represented in the ACL as a resource, and the ACL logic was applied by a custom plugin just prior to any action dispatch. [...] As a result of these concerns, I decided on a lower-level, model-centric approach for this blog: my models are my resources. Each model class implements Zend_Acl_Resource_Interface, and the ACL specifies "create," "read," "update" and "destroy" privileges for each class (more or less).

Checking for the permissions with a setup like this can be time consuming, though, so he found an ally in the record listeners Doctrine allows you to set. He combines a Doctrine_Record_Listener object with a Zend_Acl one in a preInsert method with a getCurrentRole to add the user handling all in one place.

Wed, 25 Nov 2009 11:53:29 -0600

http://www.phpdeveloper.org/news/12023
In this recent post to his blog Joe Topjian takes a look at something that has been known to confuse Zend Framework users when trying to set up access control for their application - using the Zend_Acl component.

It seems everyone, myself included, has a bit of a hard time first grasping Zend_Acl. For the time being, I've settled on a simple solution. It's partly based on the solution given in the Zend Framework in Action book. I hope you get some use out of it.

His example uses the Zend_Config component to configure his roles and a more centralized approach to validating access for the users - more rules in the INI config file and a custom MyACL class/AclHelper that are called from the bootstrap file to evaluate where the user can and can't go for each request.

Wed, 25 Feb 2009 13:45:43 -0600

http://www.phpdeveloper.org/news/11979
Jani Hartikainen has posted the third part of his series looking at access control and the Zend_Acl component of the Zend Framework. This article focuses on creating and storing dynamic ACL lists in a database.

As we have previously looked at ACLs which are hardcoded, we will now look at building a "dynamic" ACL. Previously shown "static" ACLs are good for quick and simple sites, but when you actually require the ability for administrators to define access rights on the fly using an admin panel, they quickly lose their usefulness.

Dynamic lists provide more flexibility in handling the access control of your site - they allow you to only pull what you need (just that user) when you need it. His method uses an ACL factory class to create the Zend_Acl objects for each request. He includes an example of protecting an application used to serve out files to visitors. You can download the code if you'd like to mess around with it yourself.

Thu, 19 Feb 2009 07:56:49 -0600

http://www.phpdeveloper.org/news/11938
Continuing on from his previous post in his series, Jani Hartikainen looks again at the Zend_Acl component for access control and how to deal with its "abstract" role.

In the context of Zend_Acl, access to resources is given to roles: A role might be a user's name, a group a user belongs to, or just roles, which have been assigned to a user from the admin panel. Since Zend_Acl only defines an "abstract" role, resource and privilege, how do we deal with all of these using it? Read more to find out! I'll also be addressing some more ways to deal with allowing and denying access.

He looks at how you can use your own role scheme (custom strings with meaning to you and your application) to define what the user can and can't do. He creates a plugin/interface for the framework to help handle this style so that he can compare the user's current identity against the resource type(s) they want to check.

Thu, 12 Feb 2009 11:16:34 -0600

http://www.phpdeveloper.org/news/11907
Jani Hartikainen has started off a new series that looks specifically at the Zend_Acl component of the Zend Framework starting with this new post looking at a few of the misconceptions surrounding the component.

I'm going to be writing a weekly series of posts on Zend_Acl. This first post will clear up some common misconceptions regarding Zend_Acl, introduce creating ACLs for simple applications, and give some examples on using the ACL in both non-Zend Framework and Zend Framework applications.

To show the most basic usage (and set a foundation for future articles), he creates a simple ACL system for a Zend Framework application. The system sets up a few different roles (guest, member) and some rules to show who can access what. He ties this into his preDispatch method in his My_Plugin_Acl plugin so that it runs right before the rest of the request is processed. If the user is not allowed, it kicks them over to the authentication controller for them to log in.

Mon, 09 Feb 2009 07:55:57 -0600

http://www.phpdeveloper.org/news/11609
Since the Zend Framework is mostly a library of components behind a framework structure, its parts can also be used individually if need be. In this new post Matt Stone shows how to combine the Zend_Acl component (for access control) with a CodeIgniter framework application.

In this post I will explain how to build simple access control functionality for your Code Igniter application using the Zend Framework ACL library. To follow this tutorial you will need a working installation of Code Igniter and a database. You will also need to download the Zend Framework.

He goes through the whole process - code and all - for pulling in and using the Zend_Acl library complete with a database (schema and inserts provided) as well as a sample controller for CodeIgniter to test things out.